Gluetun VPN client

Lightweight swiss-knife-like VPN client to multiple VPN service providers

Quick links

• Setup

• Features

• Problem?

  • Check the Wiki common errors and faq
  • Start a discussion
  • Fix the Unraid template

• Suggestion?

  • Create an issue

• Happy?

  • Sponsor me on github.com/sponsors/qdm12
  • Donate to paypal.me/qmcgaw
  • Drop me an email

• Want to add a VPN provider? check the development page and add a provider page

• Video:

  

• Substack Console interview

Features

• Based on Alpine 3.18 for a small Docker image of 35.6MB
• Supports: AirVPN, Cyberghost, ExpressVPN, FastestVPN, HideMyAss, IPVanish, IVPN, Mullvad, NordVPN, Perfect Privacy, Privado, Private Internet Access, PrivateVPN, ProtonVPN, PureVPN, SlickVPN, Surfshark, TorGuard, VPNSecure.me, VPNUnlimited, Vyprvpn, WeVPN, Windscribe servers
• Supports OpenVPN for all providers listed
• Supports Wireguard both kernelspace and userspace
  • For AirVPN, Ivpn, Mullvad, NordVPN, Surfshark and Windscribe
  • For ProtonVPN, PureVPN, Torguard, VPN Unlimited and WeVPN using the custom provider
  • For custom Wireguard configurations using the custom provider
  • More in progress, see #134
• DNS over TLS baked in with service provider(s) of your choice
• DNS fine blocking of malicious/ads/surveillance hostnames and IP addresses, with live update every 24 hours
• Choose the vpn network protocol, udp or tcp
• Built in firewall kill switch to allow traffic only with needed the VPN servers and LAN devices
• Built in Shadowsocks proxy (protocol based on SOCKS5 with an encryption layer, tunnels TCP+UDP)
• Built in HTTP proxy (tunnels HTTP and HTTPS through TCP)
• Connect other containers to it
• Connect LAN devices to it
• Compatible with amd64, i686 (32 bit), ARM 64 bit, ARM 32 bit v6 and v7, and even ppc64le 🎆
• Custom VPN server side port forwarding for Private Internet Access
• Possibility of split horizon DNS by selecting multiple DNS over TLS providers
• Unbound subprogram drops root privileges once launched
• Can work as a Kubernetes sidecar container, thanks @rorph

Setup

🎉 There are now instructions specific to each VPN provider with examples to help you get started as quickly as possible!

Go to the Wiki!

🐛 Found a bug in the Wiki?!

Here's a docker-compose.yml for the laziest:

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    # container_name: gluetun
    # line above must be uncommented to allow external containers to connect.
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
    volumes:
      - /yourpath:/gluetun
    environment:
      # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
      - VPN_SERVICE_PROVIDER=ivpn
      - VPN_TYPE=openvpn
      # OpenVPN:
      - OPENVPN_USER=
      - OPENVPN_PASSWORD=
      # Wireguard:
      # - WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU=
      # - WIREGUARD_ADDRESSES=10.64.222.21/32
      # Timezone for accurate log times
      - TZ=
      # Server list updater
      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
      - UPDATER_PERIOD=

🆕 Image also available as ghcr.io/qdm12/gluetun

License